Avgustin Marinov
baab2fcf95
Move Mgmt artifacts into hawkbit-mgmt ( #2003 )
...
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com >
2024-11-11 15:57:56 +02:00
Avgustin Marinov
590dbc06ff
Fix TenantAwareUserProperties.User password ( #1971 )
...
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com >
2024-11-08 15:42:57 +02:00
Avgustin Marinov
3e469fa58c
Code format hawkbit-runtime ( #1947 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-11-05 11:38:12 +02:00
Avgustin Marinov
8d78cea9d2
Web env none in tests where not needed ( #1871 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-10-04 16:51:10 +03:00
Avgustin Marinov
d5c44e6c19
Fix Doc - Remove UI leftover ( #1867 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-10-04 15:04:55 +03:00
Avgustin Marinov
52b3ccf885
Improve runtime apps logging configuration ( #1809 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-08-09 16:48:22 +03:00
Avgustin Marinov
1f2dd28ab6
[ #1712 ] Fix READ_TENANT_CONFIGURATION hierarchy and add tests ( #1714 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-04-12 17:39:31 +03:00
Avgustin Marinov
0dcf646385
Fix properties files to make admin a DEFAULT tenant user ( #1689 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-03-15 14:16:21 +02:00
Avgustin Marinov
536bb19382
Add Roles and Hierarchies ( #1673 )
...
Adds Roles (SpRole -> TENANT_ADMIN, REPOSITORY_ADMIN, ...) and
intuitive hierarchy rules for them
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-03-01 12:35:40 +02:00
Avgustin Marinov
57450bf31b
Add fine grained role and permission for user management ( #1670 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-02-29 12:01:35 +02:00
Avgustin Marinov
24d70827b7
Improve hawkBit user management ( #1666 )
...
1. Defined with properties users (static) are configured using property map (no need of indexes)
2. AuthenticationProvider that authenticates them is always registered (if not needed - don't configure them)
3. UserDetailsService (in case of missing - won't be registered)
4. Spring security user (spring.security.username) will be registered together with other users (if any). If any - it will be system-wide, otherwise tenant-scoped.
5. UserPrincipal renamed to TenantAwareUser in order to match its purpose.
6. Some of its fields are removed as not needed - to be closer to spring security user
7. DefaultRolloutApprovalStrategy now uses UserAuthoritiesResolver instead of UserDetailsService as the central point of truth
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-02-26 16:56:37 +02:00
Avgustin Marinov
ec10950308
Swagger: little config cleanup ( #1617 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-02-06 17:40:31 +02:00
Avgustin Marinov
6ddc2fae1b
Allow DEFAULT tenant auto create in example runtimes ( #1616 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-02-05 11:44:02 +02:00
Diego Rondini
28f0446d9d
Update hawkBit sandbox URL ( #1568 )
...
Update hawkBit sandbox URL to use the eclipseprojects.io domain.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.it >
2024-01-29 09:15:27 +02:00
Avgustin Marinov
7440d90f59
[ #1383 ] Spring Boot 3 migration Step 2 ( #1559 )
...
* [#1383 ] Spring Boot 3 migration Step 2
Some of the steps:
1. Change spring version parent and versions in root pom.xml
2. update eclipselink versions
3. javax.annotation -> jakarta.annotation (*.java)
4. javax.persistence -> jakarta.persistence (*.java)
5. javax.servlet -> jakarta.servlet (*.java, pom.xml)
6. javax.validation:validation-api -> jakarta.validation:jakarta.validation-api (pom.xml)
7. javax.validation -> jakarta.validation (*.java)
8. javax.transaction -> jakarta.transaction (*.java)
9. replace spring-cloud-stream-binder-test (hawkbit-repository-test) with
```
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream-test-binder</artifactId>
</dependency>
```
, TestSupportBinderAutoConfiguration.class }) -> })
@Import(TestChannelBinderConfiguration.class)
10. Set to Simple UI standard parent
11. requestMatchers to securityMatcher
12. @SpringBootApplication(scanBasePackages = "org.eclipse.hawkbit") (otherwise for instance flyway doesn't work - suffix is default ".sql", not H2.sql and don't differentiate dbs? strange is there a change?)
13. @NonEmpty for Long leads to validation exception - replaced with @NotNull
14. RSQLUtilityTest.correctRsqlBuildsPredicate - fixed - mock query builder add method
15. https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#spring-mvc-and-webflux-url-matching-changes - aliases as targets/ return 404 - remove trailing slash
16. firewall tests (allowedHostNameWithNotAllowedHost) doesn't throw 'rejected exception' but return 400 instead (as probably is expected anyway)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com
* Fix tenant listing to do not mix with multitenancy
Tenant metadata is not multitenancy aware while depend on distribution set type
which is. Thus querying all tenant metadata (in non tenant context) sometimes leads to
resolution of distribution set type which is tenant scoped and leads to problems.
So, now listing tenant lists just their ids - not fill entities.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-01-20 15:57:17 +02:00
Avgustin Marinov
54ccc4bee9
[ #1510 ] Remove Vaadin v8 UI: Remove Lib - FIX ( #1555 )
...
Fixes the security vulnerability in previous commit: 76996c7b4a
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-01-19 13:41:24 +02:00
Avgustin Marinov
d9481ed43f
[ #1510 ] Remove Vaadin v8 UI: Remove Libs ( #1554 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2024-01-19 12:34:42 +02:00
Avgustin Marinov
aa1bad91e1
Add @PreAuthorize enabled check for applications ( #1503 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-12-07 22:23:40 +02:00
Avgustin Marinov
a6fa75697f
Splitting monolith app to micro services ( #1490 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-11-30 15:41:12 +02:00
Avgustin Marinov
b362698af8
Move REST API Doc build in docs/ ( #1492 )
...
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-11-29 09:52:40 +02:00
Avgustin Marinov
0021b03c9a
CI friendly maven poms - use $revision for version ( #1477 )
...
https://maven.apache.org/maven-ci-friendly.html
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-11-16 17:23:01 +02:00
Denislav Prinov
22ce1c27a4
Rest API doc generation test - fix ( #1453 )
...
* Added SharedSqlTestDatabaseExtension in Rest API doc test - generation
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Remove Active profile import
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
---------
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
2023-10-17 13:37:08 +03:00
Denislav Prinov
a4204956e6
Openapi restdoc generation v2 ( #1442 )
...
* OpenApi restdoc generation v2
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Attach json and yaml artifacts only if -DskipTests is not provided
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Add missing header
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Add license header
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
---------
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
2023-10-02 11:04:52 +03:00
Denislav Prinov
3978454900
HTTP documentation generation from OpenApi documentation ( #1438 )
...
* Generating rest doc from swagger json
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* refactoring and adding doc
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* refactoring
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Don't directly inject files in the executable jar since it breaks it
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* using the attachArtifact configuration to generate secondary artifact
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Splitting the json documentation into mgmt and ddi. And some refactoring
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* refactoring
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
* Split mgmt and DDI components from the json
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
---------
Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com >
2023-09-27 11:44:30 +03:00
Stanislav Trailov
b51a5d6c90
Feature/swagger support ( #1432 )
...
* Swagger support initial concept
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add descriptions for Target tags
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add target filter queries descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add target api descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add software modules API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add descriptions for DS, DSTags and SMTypes
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add DistributionSetType API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add Rollout API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Bring back test scope to mariaDb
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add tags and descriptions to System config API
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Move away OpenAPI config from Start.java
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* provide license header and project version for openapi
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Fix error responses with example error body
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add DDI API to swagger and make proper API grouping
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Revert changes from not merging before commit
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Remove more changes
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* fix circle ci build
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
---------
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
2023-09-25 13:44:55 +03:00
Avgustin Marinov
9c86729a68
[#1393,#1008] Switch to Eclipse v2.0 license ( #1427 )
...
Switching license from EPL v1 to v2. Following
https://www.eclipse.org/legal/epl-2.0/faq.php#h.tci84nlsqpgw
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-09-14 11:03:20 +03:00
Stanislav Trailov
0ee081dafc
hawkBit Swagger support ( #1423 )
...
* Swagger support initial concept
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add descriptions for Target tags
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add target filter queries descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add target api descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add software modules API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add descriptions for DS, DSTags and SMTypes
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add DistributionSetType API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add Rollout API descriptions
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Bring back test scope to mariaDb
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Add tags and descriptions to System config API
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Move away OpenAPI config from Start.java
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* provide license header and project version for openapi
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
* Fix error responses with example error body
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
---------
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io >
2023-09-13 10:40:31 +03:00
Avgustin Marinov
56ea5b15c9
[ #1383 ] Spring Boot 3 Migration / Step 1 ( #1384 )
...
1. PagingAndSortingRepository doesn't extend CrudRepository anymore. For all extending that interface repositories CrudRepository super interface shall be now declared (https://spring.io/blog/2022/02/22/announcing-listcrudrepository-friends-for-spring-data-3-0 -
```
The popular PagingAndSortingRepository used to extend from CrudRepository, but it no longer does. This lets you combine it
with either CrudRepository or ListCrudRepository or a base interface of your own creation. This means you now have to
explicitly extend from a CRUD fragment, even when you already extend from PagingAndSortingRepository.
```
)
2. org.eclipse.hawkbit.autoconfigure.mgmt.ui -> move in hawkbit-ui (to be ready for removal), anyway - it's a better location for ui related configs
3. extends WebMvcConfigurerAdapter -> implements WebMvcConfigurer
4. remove WebSecurityConfigurerAdapter -> https://docs.spring.io/spring-security/reference/5.8/migration/servlet/config.html#_stop_using_websecurityconfigureradapter , https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
and add @Order to the bean reg!!
5. Use configurers (the other will be deprecated / removed), e.g.: http.csrf().disable() -> http.csrf(AbstractHttpConfigurer::disable)
6. configure(final AuthenticationManagerBuilder auth) -> put in httpsecurity config - http.getSharedObject(AuthenticationManagerBuilder.class).... (https://www.baeldung.com/spring-security-authentication-provider )
7. configure(final WebSecurity webSecurity) ->
```
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
    return (web) -> web.ignoring().antMatchers("/documentation/**", "/VAADIN/**", "/*.*", "/docs/**");
}
```
(https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter )
8. AuthenticationManager authenticationManagerBean() ->
```
@Bean
AuthenticationManager authenticationManager(final AuthenticationConfiguration authenticationConfiguration) throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}
```
(https://backendstory.com/spring-security-how-to-replace-websecurityconfigureradapter/ )
9. WebMvcAutoConfiguration could be removed - it uses deprecated methods, and sets properties that are same by default - hence - not needed
(https://github.com/spring-projects/spring-framework/issues/23915#issuecomment-563987147 )
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com >
2023-07-17 10:36:26 +03:00
Sebastian Firsching
41922bfa0c
Adapt rel value in properties files
...
Signed-off-by: Sebastian Firsching <sebastian.firsching@bosch-si.com >
2023-06-20 09:08:05 +02:00
Shruthi Manavalli Ramanna
0759fd80b0
Added support for cdn download url for mgmt API and tests
...
Signed-off-by: Shruthi Manavalli Ramanna <shruthimanavalli.ramanna@bosch-si.com >
2023-06-02 19:09:31 +02:00
Michael Herdt
6f854afdae
Introduce GitHub action to execute vulnerability scan using Trivy ( #1333 )
...
* Introduce docker maven plugin for hawkbit update server
* Introduce GitHub action to execute vulnerability scan using trivy
2023-03-28 07:42:04 +02:00
Stefan Behl
4a3a79aa6b
Migration to Spring Boot 2.7.10 ( #1320 )
...
* Initial commit
* Fix compile breaks
* Fix hibernate config
* Fix hibernate config
* Fix failing tests
* Improve logging
* Improve logging
* Fix Sonar issues
* Remove BusProperties
* Add BusProperties bean back in
* Fix JPA workaround
* Fix CVE-2021-22044
* Fix test failures
* Fix PR review findings
* Fix CVEs
* Remove H2 version downgrade, fix schema migration, enable legacy mode
* Downgrade Vaadin back to 8.14.3
* Fix EventPublisherHolder
* Fix RemoteTenantAwareEvent
* Fixed EventPublisherAutoConfiguration
* New version of spring-hateoas requires links to be expanded (Mgmt API)
* New version of spring-hateoas requires links to be expanded (Mgmt API)
* Fix PR review findings
* Fix PR review findings
* Fix PR review findings
* Update README.md
* MariaDB Java Client downgrade to maintain compatibility with AWS Aurora
* Temporarily disable RSQL test that depends on DB collation type
* Upgrade to boot 2.7.10
* Upgrade snakeyaml to 1.33
* Upgrade Spring Security OAuth2 to version 5.7.7
* Remove obsolete exclusion of junit-vintage-engine
* Upgrade jackson-bom to 2.14.2
2023-03-28 07:16:25 +02:00
Ahmed Sayed
090db6fd7b
Speedup build: introduced SharedSqlTestDatabase and DisposableSqlTestDatabase junit extensions ( #1218 )
...
* fixed PostgreSql migration scripts
* introduces SharedSqlTestDatabaseExtension and DisposableSqlTestDatabaseExtension
* Add cause msg to JUnitTestLoggerExtension
Signed-off-by: Ahmed Sayed <ahmed.sayed@bosch.io >
Signed-off-by: Florian Ruschbaschan <florian.ruschbaschan@bosch.io >
Co-authored-by: Florian Ruschbaschan <florian.ruschbaschan@bosch.io >
2023-03-09 07:30:22 +01:00
Michael Herdt
06fc4fb6d2
Make exposed CORS headers configurable ( #1322 )
...
* Prevent losing headers (like CORS related ones) when resetting the response headers due to artifact stream.
* add comment
* Extend CORS tests to verify provided header.
2023-02-23 14:16:42 +01:00
Bondar Bogdan
5bcaf3d99b
UI error handling refactoring ( #1106 )
...
* refactored HawkbitUIErrorHandler to delegate error details extraction to external extractor beans
* refactored ui error handling, allowed ui error details extractors to return a list of error details
* added license headers, restructured package structure
* adapted javadocs
* fixed sonar findings
* fixed license header
* added tests for HawkbitUIErrorHandler
* refactored ConstraintViolationErrorExtractor, added test for extractors
* changed UI tests feature to Management UI
* fixed the parent/child error type resolution by ui error details extractor, added test
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io >
2021-04-22 08:19:45 +02:00
Dominic Schabel
81defa10a6
Migration to JUnit5 as default test runtime ( #1082 )
...
* Migrate tests to JUnit5
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* REST docs tests migrated to JUnit5
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Migrated security and UI tests to JUnit5
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Migrated management tests to JUnit5
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Reflecting changes from JUnit5 migration
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Fix RabbitMQ test detection
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Drop support for JUnit4
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
2021-03-15 13:40:40 +01:00
Dominic Schabel
1d4ffa7604
Proxy support for sandbox fixed
...
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
2021-02-15 18:09:26 +01:00
Dominic Schabel
9c5360e59d
JUnit5 support ( #1063 )
...
* First preparation for JUnit5
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
* Exclusion of JUnit5 removed
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
2021-02-12 08:22:26 +01:00
Dominic Schabel
17cca56a1b
Merge pull request #1018 from bosch-io/fix_migration_to_new_spring_boot_version
...
Update Spring Boot to 2.3.7.RELEASE
2021-02-11 16:42:14 +01:00
Dominic Schabel
632bd26744
Fixed default token settings ( #1074 )
...
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
2021-01-22 14:54:07 +01:00
Ammar Bikic
ac8c174b2c
Merge remote-tracking branch 'origin/master' into fix_migration_to_new_spring_boot_version_merge_master
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2021-01-15 17:28:49 +01:00
Kai Zimmermann
e9f11d2a20
DB and RabbitMQ integration tests and PostgreSQL testing/bug fixing ( #1047 )
...
* Initial matrix
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* License header
* MySQL DB test
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Create matrix for DBs
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* RabbitMQ and H2
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* MySQL 8.0
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Postgresql test support
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Postgresql test support
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Fix DB issues post and mssql
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Wait MSSQL
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Fix postgresql tests.
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* MSSQL startup fix.
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Fix syntax error
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Further fix postgres tests.
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Revert unnecessary changes.
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Add SonarCloud
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
* Simplify devcontainer. Test JDK 15
Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com >
2021-01-14 09:07:03 +01:00
Dominic Schabel
94b7c12cde
Fixes #1067
...
JSON body response for HTTP 404 error may contain unsafe URL path characters. Thus removing path from the response
Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io >
2021-01-12 11:56:56 +01:00
Ammar Bikic
adeabbd442
Changes requested within pull request review.
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2021-01-08 19:28:26 +01:00
Ammar Bikic
98f7a5b9f3
Host header attack implementation improvements and tests
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2020-12-04 13:33:59 +01:00
Ammar Bikic
75d906252e
Fix host header attack
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2020-11-30 16:25:43 +01:00
Ammar Bikic
165f6e0435
Change to proper versioning
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2020-11-03 09:59:21 +01:00
Ammar Bikic
bd382c3725
Adaptations due to PR comments
...
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2020-10-15 11:45:08 +02:00
Ammar Bikic
28b65a290d
Update Spring Boot to 2.3.2
...
-Update Spring Cloud to Hoxton.SR7
-Replace ResourceSupport by RepresentationModel (Spring Hateoas 1.0)
-Replace ControllerLinkBuilder by WebMvcLinkBuilder (Spring Hateoas 1.0)
-Move getId() from Identifiable to BaseEntity (Spring Hateoas 1.0)
-Remove hamcrest.Factory
-Use static Sort.by reference
-Place http security anyRequest().authenticated()
-Replace MockMvcRequestBuilders.fileUpload by MockMvcRequestBuilders.multipart
-Deprecate MEDIA_TYPE_CBOR_UTF8
-Replace MEDIA_TYPE_CBOR_UTF8 by MEDIA_TYPE_CBOR in tests
-Replace HAL_JSON_UTF8 by HAL_JSON in tests
-Replace APPLICATION_JSON_UTF8 by APPLICATION_JSON in tests
-Use org.mockito.junit.MockitoJUnitRunner
-Remove overridden dependency versions
-Removing not needed comments in pom.xml
-Downgrade flyway-core to be MySQL 5.6 compatible
-Add maven-site-plugin since it was removed with spring-boot 2.3
-Set servlet encoding properties
-Introducing Test that verifies the charset inside the content-type of a response
-Add @DirtiesContext to CorsTest and ContentTypeTest
-Add content-type mockmvc test with adapted mockmvc config
-Move encoding.force property to test class
-Switch expected and actual parameter values in content-type test
-Delete deprecated content-type test with TestRestTemplate
-Exclude JUnit5 from spring-boot-starter-test
-Upgrade allure-junit4 to 2.13.5
-Add aspectjweaver 1.9.6 to surefire test execution
-Add flyway-core version to property
-Use getRequiredLink() within MgmtBaseEntity.getId()
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io >
2020-10-02 18:11:18 +02:00
Bondar Bogdan
0e4b67895e
Vaadin security enhancements ( #1003 )
...
* Removed VaadinManagedSecurity configuration from MgmtUiAutoConfiguration
* added SessionFixationProtectionStrategy for additional protection of UI session authentication
* added VaadinSessionClosingLogoutHandler to logout from all UI sessions
* added AccessDecisionManager to UI security configuration in order to support method security in UI in context of VaadinSharedSecurity
* Changed UI push transport from WEBSOCKET to WEBSOCKET_XHR to solve problems with Spring Security Context
* Suppressed atmosphere IOUtils false-positive warning
* Removed obsolete AsyncVaadinServletConfiguration
* Defined Vaadin4SpringServlet bean instead of plain SpringVaadinServlet for configuration flexibility
* Removed obsolete SpringSecurityAtmosphereInterceptor because the client does not communicate with the server using websocket protocol anymore
* Removed unit test for SpringSecurityAtmosphereInterceptor
* Removed obsolete AuthenticationManagerConfigurer coming from Vaadin Managed Security in InMemoryUserManagementAutoConfiguration
* Removed SessionFixationProtectionStrategy and VaadinSessionClosingLogoutHandler because all wrapper sessions are invalidated when the session managed by Spring gets invalidated together with configured HttpSessionEventPublisher events
* Added call to close the current session before logout redirect
* added comment why we used WEBSOCKET_XHR instead of WEBSOCKET
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io >
2020-09-03 10:35:22 +02:00